Cloud storage brokering service

ABSTRACT

Systems and methods for brokering storage services are disclosed. In one embodiment, the brokering system is configured to receive, from a client device, a request indicating a desired configuration for storing target data in at least one of the plurality of cloud storage services. The system can determine a first selection comprising at least one storage service from the plurality of cloud storage services based on the request, provision storage in the plurality of cloud storage services based on the determined first selection and provide, to the client device, a temporary manifest indicating the provisioned storage, wherein the temporary manifest comprises access data that enables the client device to access the provisioned storage in the cloud storage services. The system can then store the temporary manifest and determine whether the client device completed storing the target data on the provisioned storage based on a presence of the temporary manifest.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. patent application Ser. No. 13/965,085, entitled “CLOUD STORAGE BROKERING SERVICE,” filed on Aug. 12, 2013, which claims priority to U.S. Provisional Application No. 61/777,558, entitled “CLOUD STORAGE BROKERING SERVICE,” filed on Mar. 12, 2013, the entire contents of both applications are herein incorporated by reference in their entirety.

BACKGROUND

Today, cloud storage services have gained in popularity. Typically, a cloud storage service comprises two major components: (1) a web service that interfaces with the client and (2) a storage infrastructure. In conventional cloud storage services, the client can only access the storage infrastructure (and their files) through the web service. That is, the web service functions as a proxy for the client. Unfortunately, this structure ties the clients to a specific web service.

BRIEF DESCRIPTION OF THE DRAWINGS

Throughout the drawings, reference numbers may be re-used to indicate correspondence between referenced elements. The drawings are provided to illustrate example embodiments described herein and are not intended to limit the scope of the disclosure.

FIG. 1 illustrates an exemplary embodiment of a storage brokering system that provides a storage broker service that allows a user or enterprise to optimize its storage services.

FIG. 2 illustrates another embodiment of the storage brokering system that is configured to automatically perform storage service arbitrage and migrate data from one storage provider to another.

FIG. 3 illustrates a flow diagram of an embodiment of a storage routine performed by embodiments of the storage brokering system.

FIG. 4 illustrates a flow diagram of an embodiment of a data access routine performed by embodiments of the storage brokering system.

FIG. 5 illustrates a flow diagram of an embodiment of an arbitrage routine performed by embodiments of the storage brokering system.

FIG. 6 illustrates an embodiment of a storage manifest for tracking a mapping of data sets to cloud storage providers.

DETAILED DESCRIPTION

While some vendors have attempted to provide access to multiple storage services, these solutions merely provide an interface to the various storage services. For example, some software clients provide interoperability amongst a plurality of storage services, such as Amazon S3, Dropbox, Box, G-drive, etc. However, the user must still manage and decide which storage service to use and the storage service configuration.

The present disclosure relates to methods and systems for brokering storage services among a plurality of available storage systems, including cloud storage services. In some embodiments, a storage broker can be coupled to a plurality of storage services. Each storage service may offer different features, costs, and capacity.

The storage broker offers the user or enterprise various storage configurations for their needs. The configurations may relate to any aspect, such as, level of security, redundancy, availability, cost, etc. Based on the desired configuration, the storage broker can then determine an appropriate or optimal combination of the available storage services. The storage broker can then establish the appropriate accounts with the selected storage services.

The storage broker can also maintain and/or provide to the user or enterprise the information needed to access their data, such as encryption keys, file location links, etc., thereby simplifying management of storage services. The storage broker may also update the combination of storage services periodically, continuously, or on demand to optimize for cost, availability, performance, etc.

FIG. 1 illustrates an exemplary embodiment of a storage brokering system 100 that provides a storage broker service 105 that allows a user or enterprise to optimize its storage services. In one embodiment, the brokering system 100 includes a web service 110 that provides clients with an interface (e.g., a web site, Application Programming Interface (API), or the like) to interact with the brokering system 100. Storage services from various providers may be brokered and combined according to any criteria, such as cost, availability, performance, capacity, etc. In one embodiment, the broker service 105 includes a directory 115, a keystore 120 and/or a policy engine 125, which are described in further detail below.

In the illustrated embodiment of FIG. 1, one or more client devices 140 (e.g., computer, laptop, smart phone, tablet or other computing device) operating on a local area network (LAN) 135 store data on one or more local storage devices (e.g., network attached storage (NAS) or the like). The local storage devices can communicate with the broker service (typically located on a wide area network (WAN) 130 such as the Internet, and accessible from the local area network 135) to request the brokering service to broker storage on various cloud storage services. In one embodiment, the local storage devices 145 communicate with the brokering system 100 via a wired or wireless network connection, through one or more intermediary systems (e.g., Internet Service Providers, cellular data networks, etc.). Multiple local storage devices 145 on multiple local networks 135 may be in communication with the brokering system 100.

In some embodiments, an individual user and/or enterprise (for convenience, hereinafter referred to as “user”) may designate or specify desired criteria for their storage needs and submit them to the broker service. The broker service can then analyze the user's criteria and generate a storage lineup. The broker service may also establish the necessary accounts with the storage services (e.g., cloud storage #1-N 150 a-c) and then make the storage combination available to the user. Alternatively, the brokering service may offer “pre-packaged storage plans” that employ pre-determined combinations of the storage services. In one embodiment, the brokering service optimizes or analyzes the mix of cloud storage services used by a client or enterprise.

In some embodiments, the brokering service determines an optimum configuration of cloud storage based on user criteria, etc. The brokering service may determine a mixture of selected cloud storage providers continuously or dynamically to comply with rules or other criteria. The brokering service, for example, may comprise a policy engine 125 that monitors user activity and changes to the cloud storage services and then revises the storage lineup accordingly. Changes that may prompt a revision to the cloud storage mixture may include, but are not limited to, new data centers or storage providers becoming available, price updates, outages, network traffic, locations of client demand, etc.

In other embodiments, the brokering service may offer synchronization services with local storage. For example, a storage device 145 (e.g., a NAS) may be configured to work with the brokering service via a client application running on the storage device. This allows the local storage 145 to serve as a local cache, backup, etc. to client devices 140 on the local network 135 by working cooperatively with the brokered storage. For example, the client device may access data stored on the local storage 145 when the client device is on the local network 135 for greater performance, but rely on the brokering system 100 to access the same data stored on a cloud storage provider 150 when the client device is away from the local network 135.

Criteria for Brokering of Storage

In some embodiments, the brokering service may offer or employ a wide variety of criteria to broker the storage services, such as cost, availability, geographic location, legislative/regulatory compliance, security, data types, as well as other criteria. Below are some examples of various criteria and how they may be employed.

In some embodiments, the brokering service may receive a requested amount of storage from the user or enterprise. The brokering service may then calculate an optimal mix of storage services on a cost per size basis. The cost optimization may leverage the storage needs of one or more users/enterprises alone or in combination to achieve various savings.

In one embodiment, the brokering service may perform arbitrage of the storage services on a continuous, dynamic or periodic basis. For example, the brokering service may solicit offers from the storage service, e.g., in an open auction, or with closed bidding, on a monthly, weekly, daily basis. Depending on the offers, the brokering service may then migrate storage from one service to another to optimize cost. An arbitrage service is described in greater detail in FIG. 2.

In other embodiments, the brokering service may attempt to configure the storage services to maximize availability, for example, for sensitive documents. The brokering service may thus select storage services based on the location of their data centers, past availability data, service level agreements, etc.

In some embodiments, the brokering service may optimize for geographic dispersion so that data is distributed among geographically dispersed locations to improve performance and/or reliability. For example, in order to avoid geographic based service interruptions (e.g., caused by storms, power outages, telecom failures, etc.), data may be replicated in data centers in two or more different geographic areas. In one embodiment, the system provides a “Wide Area” RAID. In particular, the brokering service may distribute data with parity to different locations so that files can be reconstructed from portions distributed among different cloud storage services.

The storage brokering system can provide a more open architecture or “intrinsic” cloud service. In some embodiments, the brokering service still comprises a web service and a storage infrastructure. However, in the storage brokering system, the client may initially interface the web service to establish or otherwise provision storage space and security for its files. Then, in contrast to conventional cloud storage services, the client directly interfaces the storage space to upload and download its files. In this embodiment, the client has greater access and/or control over the storage space.

In some embodiments, the brokering service may optimize to comply with various legislative or regulatory requirements. For example, the brokering service may, for some types of data or clients, avoid storing certain types of data in foreign countries (such as China and Australia) due to ownership/security of data issues. The brokering service may also configure the storage lineup based on the type of data, such as banking data, Health Insurance Portability and Accountability Act (HIPAA) data, etc.

In yet other embodiments, the brokering service may attempt to optimize the storage service based on performance, such as access speed, latency, etc. For example, the brokering service may test or receive performance data that indicates the performance of the various storage services. Responsive to this information, the brokering service may then include or remove the various storage services from their offerings.

The brokering service may also select storage services based on encryption and/or security services offered by the storage services.

The brokering service may also select storage services based on the data type or files that are being stored. For example, the brokering service may prefer a storage service for movies and other storage services for documents, etc.

Arbitrage and Migration

In some embodiments, the brokering service offers a transparent migration between storage services. For example, if a client or enterprise wishes to migrate from one cloud storage to another, the brokering service may migrate these files transparently without requiring extensive effort or involvement of the client.

Furthermore, the brokering service may be configured to provide backup and recovery services automatically in the event of outages, slow performance, etc. These services may be based on a subscription, the data type, etc.

FIG. 2 illustrates an embodiment of the brokering service 200 that is configured to automatically perform storage service arbitrage and migrate data from one storage provider to another. In some embodiments, the brokering service 105 of FIG. 1 includes some or all of the components of the brokering service 200 of FIG. 2. For example, the brokering service 105 of FIG. 1 may also perform arbitrage and data migration. However, for ease of explanation, the following describes these aspects of the brokering service 200 separately, as they may be performed independently of the previous aspects of the brokering service 105 of FIG. 1.

As illustrated in FIG. 2, the brokering service 200 includes a data migration service 205, an arbitrage service 215 and a data repository (e.g., database, flat file or other data structure stored on computer memory) for storing storage manifests 210. In one embodiment, the storage manifests reflect a mapping of stored data associated with respective customer accounts to the various cloud storage providers 150 a-150 c utilized by the brokering service 200.

In one embodiment, the data migration service 205 coordinates data transfers from one cloud storage service to another. For example, the data migration service 205 can provision storage space on a first cloud storage service 150 a, copy data from a second cloud storage service 150 b, and then delete the data from the second cloud storage service 150 b. In some embodiments, the data migration service 205 may retain copies of the data on the source storage service during the migration, for example, in order to increase availability of the data and/or create backup copies. The data migration service 205 can then update the storage manifests 210 to reflect the new location of the transferred data.

In some embodiments, the arbitrage service 215 performs data arbitrage by monitoring various storage services and optimizing on one or more criteria (e.g., cost, performance, reliability, or the like) while ensuring the selected storage service meets or exceeds the requirements defined by the customer. If the arbitrage service 215 finds that an alternative storage provider improves on the one or more criteria as compared to a current storage provider, the arbitrage service 215 can cause the data migration service 205 to perform a data migration from the current storage provider to the alternative storage provider. For example, the arbitrage service 215 may be configured (e.g., by user storage policy rules) to optimize based on cost and would therefore move data to the lowest cost storage provider.

In one embodiment, the arbitrage service 215 continuously iterates over all storage policy rules and applies them to the arbitrage computational model. Each manifest and its associated rules can be used to query the model, which then generates a recommendation for a best fitting cloud storage service. This recommendation is compared to the manifest's current storage location. When the recommended location is more fit than the manifest location, a migration of that manifest is scheduled with the data migration service.

In one scenario, when the arbitrage service 215 computes an improvement to a data set's current storage location, it requests the data migration service 205 to perform a migration. The migration service can generate a migration plan and schedule the migration using a pool of data migration resources that provide computing and/or network capacity for migrating data. Plans may take into account current factors such as network load and time based variable pricing in deciding when the transfer will occur. After the stored data is transferred and verified, the storage manifest for the data set can be updated with the new location and the data in the old location can be scheduled for deletion.

The arbitrage service 215 can maintain or have access to various types of data in order to perform arbitrage operations. Such data can include storage policies 220, specifying the desired pricing, connectivity costs, geography, capacity, availability or other criteria of customers. Individual criteria can be grouped together into a customer policy rule defining the various desired criteria of a customer for a storage provider for a particular storage manifest. In one embodiment, each storage manifest is associated with one or more customer policy rules.

The arbitrage service 215 may also maintain or have access to storage provider data 225, which can include a list of available cloud storage services 150 and characteristics of respective cloud storage services 150 such as pricing, connectivity costs, geography, capacity, availability, etc.

In one embodiment, the arbitrage service 215 maintains an arbitrage computational model 230 (e.g., embodied in a software application). The arbitrage computational model 230 can utilize the storage policies and/or the storage provider data 225 to determine the best place to store data. For example, given a particular storage policy rule for a first data set, the model 230 can select an appropriate storage provider based on the storage provider data. The determination may be periodically or intermittently recalculated, for example, on a regularly scheduled basis or when policy rules change.
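An added sketch of the arbitrage pass described above (not code from the patent): each manifest's policy rule filters the provider data for hard requirements, the cheapest compliant provider is recommended, and a migration is scheduled only when it cures a policy violation or the saving exceeds the cost of moving the data. The class names, the 12-month horizon, the saving-versus-egress comparison and all provider data are assumptions made for the example.

```python
from dataclasses import dataclass

HORIZON_MONTHS = 12  # assumed: savings are weighed against transfer cost over one year

@dataclass(frozen=True)
class Provider:          # one entry of the storage provider data
    name: str
    price_gb_month: float
    egress_gb: float     # connectivity cost to move data out
    region: str
    availability: float
    free_gb: int

@dataclass(frozen=True)
class PolicyRule:        # hard requirements from a customer policy rule
    allowed_regions: frozenset
    min_availability: float

@dataclass
class ManifestEntry:
    data_set_id: str
    size_gb: int
    location: str        # name of the provider currently holding the data set
    rule: PolicyRule

def meets(p, rule, size_gb, holds_data=False):
    """True when provider p satisfies every hard requirement of the rule."""
    return (p.region in rule.allowed_regions
            and p.availability >= rule.min_availability
            and (holds_data or p.free_gb >= size_gb))

def recommend(providers, m):
    """Return (target provider or None, reason) for one manifest."""
    current = providers[m.location]
    fit = [p for p in providers.values() if meets(p, m.rule, m.size_gb, p is current)]
    if not fit:
        return None, "no compliant provider"
    best = min(fit, key=lambda p: (p.price_gb_month, p.name))
    if best is current:
        return None, "already best fit"
    if current not in fit:
        return best, "policy violation"      # compliance outranks cost
    saving = (current.price_gb_month - best.price_gb_month) * m.size_gb * HORIZON_MONTHS
    if saving > current.egress_gb * m.size_gb:
        return best, "cost"
    return None, "saving below transfer cost"

def arbitrage_pass(providers, manifests):
    """Iterate over all manifests and return the migrations to schedule."""
    plan = []
    for m in manifests:
        target, reason = recommend(providers, m)
        if target is not None:
            plan.append((m.data_set_id, m.location, target.name, reason))
    return plan

def apply_plan(plan, manifests):
    """After transfer and verification, point each manifest at its new location."""
    by_id = {m.data_set_id: m for m in manifests}
    for data_set_id, _src, dst, _reason in plan:
        by_id[data_set_id].location = dst

def demo():
    # Constructed provider data and manifests; names, prices and regions are illustrative.
    providers = {p.name: p for p in [
        Provider("alpha", 0.023, 0.09, "us-east", 0.9999, 10_000),
        Provider("bravo", 0.010, 0.05, "us-east", 0.999, 10_000),
        Provider("charlie", 0.004, 0.01, "ap-south", 0.999, 10_000),
        Provider("delta", 0.011, 0.20, "us-east", 0.999, 10_000),
    ]}
    std = PolicyRule(frozenset({"us-east", "eu-west"}), 0.999)
    strict = PolicyRule(frozenset({"us-east"}), 0.9999)
    manifests = [
        ManifestEntry("ds-1", 500, "alpha", std),      # cheaper compliant provider exists
        ManifestEntry("ds-2", 500, "alpha", strict),   # only alpha meets 0.9999
        ManifestEntry("ds-3", 100, "charlie", std),    # stored outside the allowed regions
        ManifestEntry("ds-4", 100, "delta", std),      # saving too small to pay for egress
    ]
    plan = arbitrage_pass(providers, manifests)
    apply_plan(plan, manifests)
    return plan, {m.data_set_id: m.location for m in manifests}
```

The cheapest provider overall ("charlie") is never selected because it fails the region requirement, which shows the hard requirements acting as a filter before any cost optimization.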

Operations

In some embodiments of the storage brokering system, the web service provides a directory service that associates a unique key with a file in cloud storage. Bound with that key are the cloud platform specific details needed to access that file using the intrinsic storage service. The web service can also act as a gate keeper that generates time restricted tokens that the client uses to access the directory service.

FIG. 3 illustrates a flow diagram of an embodiment of a storage routine performed by embodiments of the storage brokering system 100 or by one of its components, such as the directory 115 or the keystore 120. The routine is discussed in the context of an example scenario of an interaction with a client device 140 associated with a customer and a storage service 150 that is intended to illustrate, but not to limit, various aspects of the brokering system 100.

At operation (1), the client device 140 begins an upload sequence for a data set, which can include one or more electronic files. A customer may be associated with one data set or multiple data sets. The upload sequence begins with the client sending the size of the uploaded data set to the directory service 115.

At operation (2), the directory service 115 receives the size information and creates the storage container at the storage service 150 based on the size information. At operation (3), the directory service retrieves the address or location of the storage container and retrieves access tokens (e.g., authentication information such as passwords, encryption keys, security tokens, or the like) for the container. As various storage services 150 may provide different processes for accessing the storage container, the brokering system 100 can account for these variations, thereby making these access processes transparent to the customers. The directory service can also divide the data set up into multiple blocks to facilitate multi-stream upload into the storage service.

At operation (4), the directory service creates a storage manifest that, in one embodiment, contains a unique data set identifier, the storage address, and the block identifiers and places those items into a temporary collection or manifest stored, for example, in key/value storage. At operation (5), the directory service then adds the access tokens to the manifest, and sends that manifest to the client device 140. The client device 140 can then use this storage manifest to access the storage container on the storage service 150.

At operation (6), the client device 140 uses the information in the storage manifest to upload file blocks to the storage service 150. At operation (7), upon completion of the upload, the client device 140 sends the data set identifier back to the directory service 115 and notifies the directory service that the upload can be closed.

At operation (8), the directory service 115 uses the data set identifier to find the temporary manifest at the keystore 120. Optionally, at operation (9), the directory service 115 can obtain the temp manifest. In some embodiments, the directory service 115 already has the information stored in the temp manifest (e.g., from storing data from the previous transactions) and obtaining the temp manifest is unnecessary.

In one embodiment, the information in the temporary manifest is used to revoke the access tokens. At operation (10), the directory service 115 revokes the access tokens. Revoking the access tokens prevents the temp storage manifest from being reused to access the stored data. For example, if an unauthorized person intercepts or otherwise gains access to the temp storage manifest, that person will not be able to access the stored data, thereby increasing the data's security.

At operation (11), the directory service 115 instructs the keystore 120 to delete the temp manifest. At operation (12), the directory service 115 inserts a permanent manifest into the keystore 120.

The use of a temporary manifest can create a useful amount of transaction durability without having to resort to an ACID (Atomicity, Consistency, Isolation, Durability) data store. In the event that the upload fails, and the client fails to close the transaction, a periodic cleaning service can use the information in temporary manifests and the inventory of cloud storage containers to identify orphaned transactions. For example, in one embodiment, the system can check the age of temporary manifests to determine that transactions have failed, based on the assumption that transactions above a certain age where no completion message (e.g., a close transaction message) has been received from the client have failed. Another mechanism (there are several possible) can ensure that the keystore 120 itself does not lose the manifest in the event of failure. Finally, the access tokens themselves can expire after a fixed interval.
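The upload transaction and the orphan cleanup described above, as an added in-memory model (not code from the patent): closing an upload revokes the tokens carried in the temporary manifest, and a periodic sweep treats any temporary manifest past an age threshold as a failed upload. The class names, the token lifetime, the age threshold and the choice to delete an orphaned container are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field

TOKEN_TTL = 900     # assumed: access tokens expire 15 minutes after issue
ORPHAN_AGE = 3600   # assumed: an unclosed temp manifest older than 1 hour has failed

@dataclass
class Manifest:
    data_set_id: str
    storage_address: str
    block_ids: list
    access_tokens: list = field(default_factory=list)
    created_at: float = 0.0

class StorageService:
    """Stand-in for one cloud provider: containers plus revocable, expiring tokens."""
    def __init__(self):
        self.containers = {}  # address -> {block_id: bytes}
        self.tokens = {}      # token -> (address, expires_at)

    def create_container(self):
        address = "container-" + secrets.token_hex(4)
        self.containers[address] = {}
        return address

    def issue_token(self, address, now):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (address, now + TOKEN_TTL)
        return token

    def revoke(self, token):
        self.tokens.pop(token, None)

    def put_block(self, token, address, block_id, data, now):
        grant = self.tokens.get(token)
        if grant is None or grant[0] != address or now >= grant[1]:
            raise PermissionError("token revoked, expired, or bound to another container")
        self.containers[address][block_id] = data

class DirectoryService:
    def __init__(self, storage):
        self.storage = storage
        self.temp = {}       # keystore: temporary manifests (open transactions)
        self.permanent = {}  # keystore: permanent manifests (closed transactions)

    def begin_upload(self, n_blocks, now):
        """Operations (2)-(5): provision, record the temp manifest, return it to the client."""
        address = self.storage.create_container()
        m = Manifest(secrets.token_hex(8), address,
                     [f"blk-{i}" for i in range(n_blocks)], created_at=now)
        m.access_tokens.append(self.storage.issue_token(address, now))
        self.temp[m.data_set_id] = m
        return m

    def close_upload(self, data_set_id):
        """Operations (8)-(12): revoke tokens, delete temp manifest, insert permanent one."""
        m = self.temp.pop(data_set_id)  # KeyError: unknown or already closed transaction
        for token in m.access_tokens:
            self.storage.revoke(token)
        # The permanent manifest keeps the location data but no live credentials.
        self.permanent[data_set_id] = Manifest(
            m.data_set_id, m.storage_address, m.block_ids, created_at=m.created_at)

    def sweep_orphans(self, now):
        """Periodic cleaner: a temp manifest older than ORPHAN_AGE marks a failed upload."""
        stale = [i for i, m in self.temp.items() if now - m.created_at > ORPHAN_AGE]
        for i in stale:
            m = self.temp.pop(i)
            for token in m.access_tokens:
                self.storage.revoke(token)
            self.storage.containers.pop(m.storage_address, None)  # reclaim the container
        return stale

def demo():
    storage = StorageService()
    directory = DirectoryService(storage)

    # Completed upload: the client writes blocks directly, then closes the transaction.
    done = directory.begin_upload(n_blocks=2, now=0)
    for block_id in done.block_ids:
        storage.put_block(done.access_tokens[0], done.storage_address, block_id, b"data", now=10)
    directory.close_upload(done.data_set_id)

    # Reusing the temp manifest's token after the close must be rejected.
    try:
        storage.put_block(done.access_tokens[0], done.storage_address, "blk-0", b"late", now=20)
        reuse_rejected = False
    except PermissionError:
        reuse_rejected = True

    # Abandoned upload: the client never sends the close message.
    lost = directory.begin_upload(n_blocks=1, now=100)
    early = directory.sweep_orphans(now=200)                  # too young to call failed
    late = directory.sweep_orphans(now=100 + ORPHAN_AGE + 1)  # past the age threshold

    return {
        "reuse_rejected": reuse_rejected,
        "permanent_tokens": directory.permanent[done.data_set_id].access_tokens,
        "early_sweep": early,
        "late_sweep_found_lost": late == [lost.data_set_id],
        "lost_container_reclaimed": lost.storage_address not in storage.containers,
        "done_container_kept": done.storage_address in storage.containers,
    }
```

Because the token lifetime is shorter than the orphan age in this model, an abandoned upload's credentials stop working well before the sweep removes its manifest and container.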

In some embodiments, one or more of the above operations (as well as other operations described herein) can include an authentication process. For example, an authentication process can be invoked when the client device 140 first attempts to access the directory 115 or the storage service 150. In one embodiment, the local storage 145 (e.g., a NAS) of FIG. 1 invokes an authentication process when the client 140 attempts to access the local storage 145 and/or when the local storage 145 communicates with the brokering system 100. Various authentication processes can be used.

In one embodiment, a password-authenticated key agreement (PAKE) method, such as the Secure Remote Password (SRP) protocol, is used as an authentication process. A PAKE method is an interactive method for two or more parties to establish cryptographic keys based on one or more parties' knowledge of a password. For example, SRP can be used in communications between the client 140 and local storage 145 and/or between the local storage 145 and the brokering system 100. An important property is that an eavesdropper or man in the middle cannot obtain enough information to brute-force guess a password without further interaction with the parties for each guess (or each few guesses). This means that strong security can be obtained using weak passwords. In addition, in SRP, the server does not store password-equivalent data, so an attacker who steals the server data cannot masquerade as the client unless they first perform a brute-force search for the password.

FIG. 4 illustrates a flow diagram of an embodiment of a download routine performed by embodiments of the storage brokering system 100 or by one of its components, such as the directory 115 or the keystore 120. The routine is discussed in the context of an example scenario of an interaction with a client device 140 associated with a customer and a storage service 150 that is intended to illustrate, but not to limit, various aspects of the brokering system 100.

At operation (1), the download sequence begins with the client device 140 sending the unique data set identifier to the directory service. In one embodiment, this is the same identifier that was provided with the manifest created during the upload sequence.

At operation (2), the directory service 115 finds the storage manifest and at operation (3), obtains the storage manifest. After obtaining the storage manifest, the directory service uses the storage address contained in the manifest for communications to the storage service 150.

At operation (4)-(6), the directory service 115 retrieves access tokens from the storage service 150, puts them in the storage manifest, and then returns the storage manifest to the client device 140. Because, in some embodiments, the storage brokering system 100 acts as an intermediary to the download request from the client 140, the system 100 is able to redirect the download as needed. For example, the system 100 may have, unbeknownst to the customer, moved the customer's data to a different storage service since the customer's data was first uploaded due to an arbitrage opportunity. The actual location of the customer's data can be transparent to the customer.

At operation (7), the client then uses the storage address and tokens to access the customer's stored data via the storage service 150. When the download is complete, the client device 140 notifies the directory service 115 using the identifying key. The directory service 115 then revokes the access tokens associated with the identifying key.

FIG. 5 illustrates a flow diagram of an embodiment of an arbitrage routine 500 performed by embodiments of the storage brokering system 100 or by one of its components, such as the broker service 105, 200. For ease of explanation, the following describes the routine as performed by the broker service 105. The routine is discussed in the context of an example scenario that is intended to illustrate, but not to limit, various aspects of the brokering system 100.

Starting at block 505, the broker service 105 monitors one or more metrics associated with a plurality of online storage providers. For example, such metrics can include at least storage pricing, connectivity costs, capacity or availability. In some embodiments, monitoring is performed by accessing data provided by the storage providers (e.g., through a web page or API) and, optionally, storing such information on a local data repository.

At block 510, the broker service 105 identifies one or more provider criteria associated with a first customer account. As discussed above, customers can have various criteria such as cost, performance, reliability, geographic location, regulatory and the like for storage providers that store their data.

At block 515, the broker service 105 obtains one or more metrics of a first storage provider storing a first data set associated with the first customer account. For example, the broker service 105 may obtain the metrics from the storage provider, from the local data repository, or may perform tests (e.g., for performance or reliability) in order to generate the metrics.

At block 520, the broker service 105 determines whether to migrate the data from one storage provider to another. In one embodiment, if the broker service 105 identifies that an arbitrage opportunity exists, the broker service transfers the first data set, proceeding to block 525. For example, if the broker service 105 finds that a second provider has a lower cost while otherwise satisfying all other criteria of the customer, the broker service 105 can decide to transfer the data to the second provider. Otherwise, if no arbitrage opportunity exists at block 520, the broker service 105 takes no action and continues monitoring the online storage providers, proceeding back to block 505.

Continuing to block 525, the broker service 105 auto-initiates migration of the first data set from the first storage provider to one or more selected storage providers of the plurality of online storage providers. In one embodiment, the broker service 105 is configured to automatically make such determinations without further input from the customer or an administrator. In some embodiments, the broker service 105 may report that an arbitrage opportunity exists and recommend that the customer or an administrator transfer the first data set.

At block 530, the broker service 105 updates a mapping of stored data sets to storage providers. In one embodiment, the mapping comprises one or more storage manifests, each associated with a data set. The broker service 105 can modify one of the storage manifests to disassociate the first data set from the first storage provider and associate the first data set with the one or more selected storage providers identified as providing an arbitrage opportunity.

FIG. 6 illustrates an embodiment of the storage manifest 600. The storage manifest may be an XML file, a flat file, a database entry or other data structure. In the illustrated embodiment, the storage manifest includes a unique data set identifier 605, one or more cloud storage locations 610, data block identifiers 615, and access keys 620. In one embodiment, the unique data set identifier 605 identifies the storage manifest and/or the data associated with the manifest. The storage locations 610 identify the storage services that are storing the data set. The data block identifiers 615 can provide specific location information for the data set. For example, the data block identifiers may identify the specific files that are stored on a particular storage provider or the specific location (e.g., a network address and path) of such files. The access keys 620 can include various security tokens and authorizations (e.g., passwords, account data, etc.) for accessing the data set in one or more storage services.

In some embodiments, the above system and its components may be configured differently than illustrated in the figures above. For example, various functionalities provided by the illustrated modules can be combined, rearranged, added, or deleted. In some embodiments, additional or different processors or modules may perform some or all of the functionalities described with reference to the example embodiment illustrated in the figures above. Many implementation variations are possible.

In some embodiments, the above system and its components are executed or embodied by one or more physical or virtual computing systems. For example, in some embodiments, a server computing system that has components including a central processing unit (CPU), input/output (I/O) components, storage and memory may be used to execute some or all of the components of the above system. The I/O components can include a display, a network connection to the network, a computer-readable media drive and other I/O devices (e.g., a keyboard, a mouse, speakers, etc.).

Each of the processes, methods and algorithms described in the preceding sections may be embodied in, and fully or partially automated by, code modules executed by one or more computers, computer processors, or machines configured to execute computer instructions. The code modules may be stored on any type of non-transitory computer-readable storage medium or tangible computer storage device, such as hard drives, hybrid drives, solid state memory, optical disc and/or the like. The processes and algorithms may be implemented partially or wholly in application-specific circuitry. The results of the disclosed processes and process steps may be stored, persistently or otherwise, in any type of non-transitory computer storage such as, e.g., volatile or non-volatile storage.

The various features and processes described above may be used independently of one another, or may be combined in various ways. All possible combinations and subcombinations are intended to fall within the scope of this disclosure. In addition, certain method, event, state or process blocks may be omitted in some implementations. The methods and processes described herein are also not limited to any particular sequence, and the blocks or states relating thereto can be performed in other sequences that are appropriate. For example, described tasks or events may be performed in an order other than that specifically disclosed, or multiple may be combined in a single block or state. The example tasks or events may be performed in serial, in parallel, or in some other manner. Tasks or events may be added to or removed from the disclosed example embodiments. The example systems and components described herein may be configured differently than described. For example, elements may be added to, removed from, or rearranged compared to the disclosed example embodiments.

While certain example embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions disclosed herein. Thus, nothing in the foregoing description is intended to imply that any particular feature, characteristic, step, module, or block is necessary or indispensable. Indeed, the novel methods and systems described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the inventions disclosed herein. 

What is claimed is:
 1. A method of enabling upload of a file to a cloud storage system, said method comprising: receiving, from a client device, a request to upload a file, wherein the request indicates a size of the file; creating a storage container at at least one storage service of a plurality of storage services; receiving, from the at least one storage service, a set of access tokens for the storage container set; generating a temporary storage manifest including the access tokens, a data set identifier, and an address of the storage container; transmitting, to the client device, the temporary storage manifest; receiving a notification from the client device that the file was uploaded to the storage container successfully, the notification including the data set identifier; and in response to the notification, deleting the temporary storage manifest.
 2. The method of claim 1, further comprising establishing a customer account with the at least one storage service for uploading the file.
 3. The method of claim 2, further comprising maintaining a file manifest mapping the file to the customer account.
 4. The method of claim 3, wherein: portions of the file are stored at a plurality of the plurality of storage services; and the file manifest comprises cloud platform specific details for accessing each of the portions of the file using the plurality of the plurality of storage services.
 5. The method of claim 1, further comprising: automatically arbitrating with the plurality of storage services; and automatically initiating migration of at least a portion of the file between the plurality of storage services.
 6. The method of claim 5, further comprising maintaining a file manifest for the file for the at least one storage service.
 7. A method of enabling download of a file from a cloud storage system, said method comprising: receiving, from a client device, a request to download a file, wherein the request comprises a unique identifier for the file; locating a storage manifest that indicates respective locations of blocks of the file in at least one storage service based on the unique identifier; retrieving, from the at least one storage service, access tokens for the blocks of the file; transmitting, to the client device, the storage manifest with the retrieved access tokens for downloading of the file; receiving a notification from the client device that downloading of the file is complete; and in response to the notification, revoking the access tokens.
 8. The method of claim 7, further comprising: automatically arbitrating with a plurality of storage services; and automatically initiating migration of at least some of the blocks of the file between the plurality of storage services.
 9. The method of claim 8, further comprising maintaining the storage manifest for the file for the at least one storage service.
 10. A system for enabling upload of a file to a cloud storage system, the system comprising: a memory; and at least one processor coupled to the memory and configured to: receive, from a client device, a request to upload a file, wherein the request indicates a size of the file; create a storage container at at least one storage service of a plurality of storage services; receive, from the at least one storage service, access tokens for the storage container; generate a temporary storage manifest including the access tokens, a data set identifier, and an address of the storage container; transmit, to the client device, the temporary storage manifest; receive a notification from the client device that the file was uploaded to the storage container successfully, the notification including the data set identifier; and delete the temporary manifest in response to the notification.
 11. The system of claim 10, wherein the at least one processor is further configured to establish a customer account with the at least one storage service for uploading the file.
 12. The system of claim 11, wherein the at least one processor is further configured to maintain a file manifest mapping the file to the customer account.
 13. The system of claim 12, wherein: portions of the file are stored at a plurality of storage services; and the file manifest comprises cloud platform specific details for accessing each of the portions of the file using the plurality of storage services.
 14. The system of claim 10, wherein the at least one processor is further configured to: automatically arbitrate with the plurality of storage services; and automatically initiate migration of at least a portion of the file between the plurality of storage services.
 15. The system of claim 14, wherein the at least one processor is further configured to maintain a file manifest for the file for the at least one storage service.
 16. A system for enabling download of a file from a cloud storage system, the system comprising: a memory; and at least one processor coupled to the memory and configured to: receive, from a client device, a request to download a file, wherein the request comprises a unique identifier for the file; locate a manifest that indicates respective locations of blocks of the file in at least one storage service based on the unique identifier; retrieve, from the at least one storage service, access tokens for the blocks of the file; transmit, to the client device, the manifest with the retrieved access tokens for downloading of the file; receive a notification from the client device that downloading of the file is complete; and in response to the notification, revoke the access tokens.
 17. The system of claim 16, wherein the at least one processor is further configured to: automatically arbitrate with a plurality of storage services; and automatically initiate migration of at least some of the blocks of the file between the plurality of storage services.
 18. The system of claim 17, wherein the at least one processor is further configured to maintain the manifest for the file. 